Hi,
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
Abstract:
Over the last few years there have been several serious attacks on
Transport Layer Security (TLS), including attacks on its most
commonly used ciphers and modes of operation. This document
summarizes these attacks, with the goal of motivating generic and
protocol-specific recommendations on the usage of TLS and Datagram
TLS (DTLS).
I consider this document ready for publication.
This document is an Information draft, summarizing somer of the known attacks on TLS and DTLS.
I agree with the security considerations section statement that this document has no security implications.
A few editorial nits:
s/
This attacks summarized/The attacks summarized/
s/
the Klima attack relies on a version-
check oracle is only mitigated by TLS 1.1./
the Klima attack relies on a version-
check oracle and is only mitigated by TLS 1.1./
David Harrington
ietfdbh at comcast.net